File storage with parse/MongoDB

Hi everyone. Im coming from the Noodl.net community, a low code platform that uses Parse as its backend.
I’m trying to build my app and I’m trying to figure out file storage. For now, I’ve set up my Classes and records structure, I even have a complex CLP and ACL structure where every user is part of a team that can only access records that belong to their team.
What I want to do now, is set up file uploads so that users can attach files to their records, either through a file field or through url references inline (I’m using a wysiwyg editor that accepts images).
What would be an easy, secure and cost effective scenario to implement this? This is what I’ve figured so far:

1. Use Parse / MongoDB. Possibly expensive. Permissions are already built it so all I need to do is use the ACL.
2. Connect a 3rd party service (like Google bucket) and store files there. Possibly cheaper. How would permissions work? I’ve thought of two ways:
   A. The entire permission structure is duplicated through Google AIM (or another service, respectively) so that every user in Parse, is a user in the storage provider.
   B. Only one access user exists. When any user requests a file, the Parse backend checks if the user is allowed to access that file through the existing ACL then retrieves a temporary url from the storage provider to the user. The url expires after an hour.

What are your thoughts? Do you have better recommendations? Does any of the above sound feasible, reasonable, performant?

Thanks and sorry for the long text!

1. Why do you say Possibly expensive ? for MongoDB
2. If you use file storage with parse-server, you can use it in parse configuration StorageAdapter, and parse will handle that permission stuff.

Can you elaborate on what you said? I can see that an M50 costs more than 1000 euros per month.
Are there other options which I don’t realise maybe?

Yes, i checked M50 cost. But you can store it on ec2 server with mongoDb first one i thought this one.

Storing files in a MongoDB cluster is likely not only one of the most expensive options but also one of the least practical options, for common use cases.

The best option is to use an online storage service like AWS S3 or similar. “Best” here does not only mean “cost effective” but also feature-rich and optimized exactly for that purpose. For example different storage tiers and automated ways to move files between them to further optimize cost. Cleaning up fragmented multi-part uploads. Generate URLs with expiring access tokens to prevent abuse.

You can set up AWS S3 quite easily. Check out the storage adapter’s README.

For further cost optimization you’d add a CDN which can bring down costs significantly. Keep in mind that in most common scenarios the biggest cost factor is not storage but traffic out of that storage.

That’s what I also figured. The question was how could I integrate the permissions system of MongoDbl to the external storage.
I guess one way would be to make all of the files not publicly available, store the link in Parse, and every time a user requests a file, generate a signed url with an expiration of e.g. 1 hour to serve to the user?

The permission system of MongoDB (users, commands) is unrelated to Parse permissions (CLP, ACL). I assume you mean the Parse permissions, so that for example a Parse User can only access their own files, or Parse Users who are members of a Parse Role can only access files of users of that same role?

In that case, there is a way to achieve that, but since these are separate systems (Parse ACL, AWS IAM), it is rather complex to set up. You would implement Parse as an external identity provider to manage access to AWS resources. That would effectively allow you to apply Parse ACL to AWS S3 objects.

An easier solution would be to approximate it with the measures you described: a private S3 bucket that is only accessible by Parse Server, and sending the requesting user a pre-signed, expiring URL. That URL of course can be accessed by anyone who has access to the URL, and not just any Parse User but literally anyone with a web browser.